nss-pam-ldapd security advisory (CVE-2013-0288)
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
nss-pam-ldapd security advisory (CVE-2013-0288)
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-announce <nss-pam-ldapd-announce [at] lists.arthurdejong.org>
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: nss-pam-ldapd security advisory (CVE-2013-0288)
- Date: Mon, 18 Feb 2013 18:01:24 +0100
Garth Mollett discovered that a file descriptor overflow issue in the
use of FD_SET() in nss-pam-ldapd can lead to a buffer overflow. An
attacker could, under some circumstances, use this flaw to cause a
process that has the NSS or PAM module loaded to crash or potentially
execute arbitrary code.
This problem affects all releases before 0.7.18 and 0.8.11.
This problem has been assigned CVE-2013-0288.
More details are available at:
http://arthurdejong.org/nss-pam-ldapd/CVE-2013-0288
Users are advised to apply the appropriate patch or upgrade to 0.8.11 or
0.7.18.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-announce-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-announce/
- nss-pam-ldapd security advisory (CVE-2013-0288),
Arthur de Jong